| Aspect | Details |
|---|---|
| Threat Actors | Helldown Ransomware group |
| Campaign Overview | Active exploitation of vulnerabilities in Zyxel firewalls (CVE-2024-11667) and Advantech wireless devices (CVE-2024-50370 through CVE-2024-50375) |
| Target Regions (or Victims) | Small and medium-sized businesses, especially in the US and Europe |
| Methodology | Exploited vulnerabilities for ransomware deployment, data exfiltration, remote code execution, and access to sensitive network devices |
| Product Targeted | Zyxel firewalls, Advantech wireless access point devices |
| Malware Reference | Helldown ransomware |
| Tools Used | Rogue beacon frames, JavaScript injection, backdoor installation |
| Vulnerabilities Exploited | CVE-2024-11667, CVE-2024-50370 through CVE-2024-50375, CVE-2024-50359, CVE-2024-50376 |
| TTPs | Initial Access, Exploitation, Privilege Escalation, Data Exfiltration, Lateral Movement |
| Attribution | Helldown ransomware group |
| Recommendations | Apply firmware updates, disable remote access, change admin passwords, monitor for unauthorized access, implement a 3-2-1 backup strategy |
| Source | SOCRadar |
Read full article: https://socradar.io/zyxel-firewalls-exploited-for-ransomware-attacks-20-security-flaws-discovered-in-advantech-access-points/
Disclaimer: The above summary has been generated by an AI language model